Is Encrypted Cardholder Data still Card Holder Data?

Where stored encrypted CHD is out of scope is when a third party controls the encryption keys. This most often occurs with tokenization. Under a tokenization scheme, the CHD is sent to a third party who then securely stores the CHD and returns a token that links the CHD at the third party to the token stored by the merchant. If the merchant needs to make any subsequent charges to the account, the merchant sends the stored token to the third party and the third party substitutes the stored CHD for the token and the transaction is completed. But since the merchant does not have access to the token creation process, the token is out of scope because it is no longer considered CHD.

I am clear about scope. I am unclear about whether or not the encrypted CHD is still considered CHD after encryption.

Encrypted cardholder data that is not isolated from the encryption and decryption and key management processes

Encrypted cardholder data that is present on a system or media that also contains the decryption key

Encrypted cardholder data that is present in the same environment as the decryption key

Encrypted cardholder data that is accessible to an entity that also has access to the decryption key

So my question is if the CHD is encrypted in transit (TLS 1.2) to the CDE, encrypted inside the CDE with a key received over TLS from an HSM isolated from the CHD database and on a separate network from the CDE, and then encrypted CHD is transmitted over TLS to be stored in the database, is the database in scope and is the encrypted CHD still CHD?

To clarify.

The database does not perform encryption and/or decryption of cardholder data, and does not perform key management functions and does not store the encryption keys.

The encrypted CHD stored on the database is isolated from the encryption and decryption and key management processes. HSM does not have access to database server, database server does not have access to HSM. The CDE is on a different network segment from the HSM.

The encrypted CHD stored on database is not present on a system or media that also contains the decryption key. The decryption keys are stored in HSM appliance only.

The encrypted CHD stored on database is not present in the same network environment as the decryption key.

The encrypted CHD stored on the database is accessible to the entity that also has access to the decryption key.